<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="frame-src 'none'">
<script>
    if (window.testRunner) {
        testRunner.dumpAsText();
        testRunner.waitUntilDone();
    }

    tests = 6;
    window.addEventListener("message", function(message) {
        tests -= 1;
        test();
    }, false);

    function setup() {
        var iframe = document.getElementById('testiframe');
        iframe.onload = function () {
            window.postMessage("next", "*");
        };
        test();
    }

    function test() {
        function setIframeSrc(isolated, num) {
            var iframe = document.getElementById('testiframe');
            iframe.src = "resources/iframe.php?test=" + num;
        }

        alert("Running test #" + tests + "\n");
        switch (tests) {
            case 6:
                setIframeSrc(false, tests);
                break;
            case 5:
                // Clear any existing isolated world CSP or security origin to
                // prevent side-effects from other tests.
                testRunner.setIsolatedWorldInfo(1, null, null);
                testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setIframeSrc")) + "\nsetIframeSrc(true, " + tests + ");");
                break;
            case 4:
                alert("Starting to bypass main world's CSP:");
                testRunner.setIsolatedWorldInfo(1, "chrome-extension://123", "frame-src 'none'");
                testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setIframeSrc")) + "\nsetIframeSrc(true, " + tests + ");");
                break;
            case 3:
                // Main world, then isolated world -> should load
                setIframeSrc(false, tests);
                testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setIframeSrc")) + "\nsetIframeSrc(true, " + tests + ".5);");
                break;
            case 2:
                // Isolated world, then main world -> should block
                testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setIframeSrc")) + "\nsetIframeSrc(true, " + tests + ");");
                setIframeSrc(false, tests + 0.5);
                break;
            case 1:
                setIframeSrc(false, tests);
                break;
            case 0:
                testRunner.setIsolatedWorldInfo(1, null, null);
                testRunner.notifyDone();
                break;
        }
    }
</script>
</head>
<body onload='setup();'>
    <p>
        <iframe id="testiframe"></iframe>
        This test ensures that iframes loaded from isolated worlds marked with
        their own Content Security Policy aren't affected by the page's content
        security policy. Extensions, for example, should be able to load any
        resource they like.
    </p>
</body>
</html>
